{
  "version": "15.0.6",
  "vulnerabilities": [
    {
      "id": "ddf06b7bbbffbb944704a443c2ee1e19161135d59db3094da40a0377b33b51f0",
      "category": "sast",
      "message": "Improper Control of Generation of Code ('Code Injection')",
      "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.",
      "cve": "semgrep_id:eslint.detect-object-injection:3:3",
      "severity": "Medium",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep"
      },
      "location": {
        "file": "src/payments/api/app.js",
        "start_line": 3
      },
      "identifiers": [
        {
          "type": "semgrep_id",
          "name": "eslint.detect-object-injection",
          "value": "eslint.detect-object-injection",
          "url": "https://semgrep.dev/r/gitlab.eslint.detect-object-injection"
        },
        {
          "type": "cwe",
          "name": "CWE-94",
          "value": "94",
          "url": "https://cwe.mitre.org/data/definitions/94.html"
        },
        {
          "type": "eslint_rule_id",
          "name": "ESLint rule ID security/detect-object-injection",
          "value": "security/detect-object-injection"
        }
      ],
      "tracking": {
        "type": "source",
        "items": [
          {
            "file": "src/payments/api/app.js",
            "line_start": 3,
            "line_end": 3,
            "signatures": [
              {
                "algorithm": "scope_offset",
                "value": "src/payments/api/app.js|handler[0]:1"
              }
            ]
          }
        ]
      }
    },
    {
      "id": "ddf06b7bbbffbb944704a443c2ee1e19161135d59db3094da40a0377b33b51f0",
      "category": "sast",
      "message": "Improper Control of Generation of Code ('Code Injection')",
      "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.",
      "cve": "semgrep_id:eslint.detect-object-injection:3:3",
      "severity": "Medium",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep"
      },
      "location": {
        "file": "src/payments/api/app.js",
        "start_line": 3
      },
      "identifiers": [
        {
          "type": "semgrep_id",
          "name": "eslint.detect-object-injection",
          "value": "eslint.detect-object-injection",
          "url": "https://semgrep.dev/r/gitlab.eslint.detect-object-injection"
        },
        {
          "type": "cwe",
          "name": "CWE-94",
          "value": "94",
          "url": "https://cwe.mitre.org/data/definitions/94.html"
        },
        {
          "type": "eslint_rule_id",
          "name": "ESLint rule ID security/detect-object-injection",
          "value": "security/detect-object-injection"
        }
      ],
      "tracking": {
        "type": "source",
        "items": [
          {
            "file": "src/payments/api/app.js",
            "line_start": 3,
            "line_end": 3,
            "signatures": [
              {
                "algorithm": "scope_offset",
                "value": "src/payments/api/app.js|handler[0]:1"
              }
            ]
          }
        ]
      }
    }
  ],
  "dependency_files": [

  ],
  "scan": {
    "analyzer": {
      "id": "semgrep",
      "name": "Semgrep",
      "url": "https://gitlab.com/gitlab-org/security-products/analyzers/semgrep",
      "vendor": {
        "name": "GitLab"
      },
      "version": "3.14.3"
    },
    "scanner": {
      "id": "semgrep",
      "name": "Semgrep",
      "url": "https://github.com/returntocorp/semgrep",
      "vendor": {
        "name": "GitLab"
      },
      "version": "1.3.0"
    },
    "type": "sast",
    "start_time": "2023-03-29T01:32:38",
    "end_time": "2023-03-29T01:32:46",
    "status": "success"
  }
}
